=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvpx security update
Advisory ID:       RHSA-2023:5539-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5539
Issue date:        2023-10-09
CVE Names:         CVE-2023-5217 CVE-2023-44488
=====================================================================

1. Summary:

An update for libvpx is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx
2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
libvpx-1.9.0-7.el9_2.src.rpm

aarch64:
libvpx-1.9.0-7.el9_2.aarch64.rpm
libvpx-debuginfo-1.9.0-7.el9_2.aarch64.rpm
libvpx-debugsource-1.9.0-7.el9_2.aarch64.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.aarch64.rpm

ppc64le:
libvpx-1.9.0-7.el9_2.ppc64le.rpm
libvpx-debuginfo-1.9.0-7.el9_2.ppc64le.rpm
libvpx-debugsource-1.9.0-7.el9_2.ppc64le.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.ppc64le.rpm

s390x:
libvpx-1.9.0-7.el9_2.s390x.rpm
libvpx-debuginfo-1.9.0-7.el9_2.s390x.rpm
libvpx-debugsource-1.9.0-7.el9_2.s390x.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.s390x.rpm

x86_64:
libvpx-1.9.0-7.el9_2.i686.rpm
libvpx-1.9.0-7.el9_2.x86_64.rpm
libvpx-debuginfo-1.9.0-7.el9_2.i686.rpm
libvpx-debuginfo-1.9.0-7.el9_2.x86_64.rpm
libvpx-debugsource-1.9.0-7.el9_2.i686.rpm
libvpx-debugsource-1.9.0-7.el9_2.x86_64.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.i686.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:
libvpx-debuginfo-1.9.0-7.el9_2.aarch64.rpm
libvpx-debugsource-1.9.0-7.el9_2.aarch64.rpm
libvpx-devel-1.9.0-7.el9_2.aarch64.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.aarch64.rpm

ppc64le:
libvpx-debuginfo-1.9.0-7.el9_2.ppc64le.rpm
libvpx-debugsource-1.9.0-7.el9_2.ppc64le.rpm
libvpx-devel-1.9.0-7.el9_2.ppc64le.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.ppc64le.rpm

s390x:
libvpx-debuginfo-1.9.0-7.el9_2.s390x.rpm
libvpx-debugsource-1.9.0-7.el9_2.s390x.rpm
libvpx-devel-1.9.0-7.el9_2.s390x.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.s390x.rpm

x86_64:
libvpx-debuginfo-1.9.0-7.el9_2.i686.rpm
libvpx-debuginfo-1.9.0-7.el9_2.x86_64.rpm
libvpx-debugsource-1.9.0-7.el9_2.i686.rpm
libvpx-debugsource-1.9.0-7.el9_2.x86_64.rpm
libvpx-devel-1.9.0-7.el9_2.i686.rpm
libvpx-devel-1.9.0-7.el9_2.x86_64.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.i686.rpm
libvpx-utils-debuginfo-1.9.0-7.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-5217
https://access.redhat.com/security/cve/CVE-2023-44488
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2023:4494-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4494
Issue date:        2023-08-07
CVE Names:         CVE-2023-3417 CVE-2023-4045 CVE-2023-4046 CVE-2023-4047
                   CVE-2023-4048 CVE-2023-4049 CVE-2023-4050 CVE-2023-4055
                   CVE-2023-4056 CVE-2023-4057
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects (CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1 (CVE-2023-4057)

* thunderbird: File Extension Spoofing using the Text Direction Override Character (CVE-2023-3417)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state (CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2225325 - CVE-2023-3417 thunderbird: File Extension Spoofing using the Text Direction Override Character
2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 9.0):

Source:
thunderbird-102.14.0-1.el9_0.src.rpm

aarch64:
thunderbird-102.14.0-1.el9_0.aarch64.rpm
thunderbird-debuginfo-102.14.0-1.el9_0.aarch64.rpm
thunderbird-debugsource-102.14.0-1.el9_0.aarch64.rpm

ppc64le:
thunderbird-102.14.0-1.el9_0.ppc64le.rpm
thunderbird-debuginfo-102.14.0-1.el9_0.ppc64le.rpm
thunderbird-debugsource-102.14.0-1.el9_0.ppc64le.rpm

s390x:
thunderbird-102.14.0-1.el9_0.s390x.rpm
thunderbird-debuginfo-102.14.0-1.el9_0.s390x.rpm
thunderbird-debugsource-102.14.0-1.el9_0.s390x.rpm

x86_64:
thunderbird-102.14.0-1.el9_0.x86_64.rpm
thunderbird-debuginfo-102.14.0-1.el9_0.x86_64.rpm
thunderbird-debugsource-102.14.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3417
https://access.redhat.com/security/cve/CVE-2023-4045
https://access.redhat.com/security/cve/CVE-2023-4046
https://access.redhat.com/security/cve/CVE-2023-4047
https://access.redhat.com/security/cve/CVE-2023-4048
https://access.redhat.com/security/cve/CVE-2023-4049
https://access.redhat.com/security/cve/CVE-2023-4050
https://access.redhat.com/security/cve/CVE-2023-4055
https://access.redhat.com/security/cve/CVE-2023-4056
https://access.redhat.com/security/cve/CVE-2023-4057
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Single Sign-On 7.6.2 security update
Advisory ID:       RHSA-2023:1049-01
Product:           Red Hat Single Sign-On
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1049
Issue date:        2023-03-01
CVE Names:         CVE-2018-14040 CVE-2018-14042 CVE-2019-11358 CVE-2020-11022
                   CVE-2020-11023 CVE-2021-35065 CVE-2021-44906 CVE-2022-1274
                   CVE-2022-1438 CVE-2022-1471 CVE-2022-2237 CVE-2022-2764
                   CVE-2022-3782 CVE-2022-3916 CVE-2022-4137 CVE-2022-24785
                   CVE-2022-25857 CVE-2022-31129 CVE-2022-37603 CVE-2022-38749
                   CVE-2022-38750 CVE-2022-38751 CVE-2022-40149 CVE-2022-40150
                   CVE-2022-42003 CVE-2022-42004 CVE-2022-45047 CVE-2022-45693
                   CVE-2022-46175 CVE-2022-46363 CVE-2022-46364 CVE-2023-0091
                   CVE-2023-0264
====================================================================

1. Summary:

A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)

* keycloak: missing email notification template allowlist (CVE-2022-1274)

* keycloak: minimist: prototype pollution (CVE-2021-44906)

* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)

* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

* loader-utils: Regular expression denial of service (CVE-2022-37603)

* keycloak: Session takeover with OIDC offline refresh tokens (CVE-2022-3916)

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)

* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)

* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)

* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)

* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)

* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)

* keycloak: user impersonation via stolen uuid code (CVE-2023-0264)

* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)

* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

* jettison: If the value in map is the map's self, the new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)

* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)

* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)

* jettison: parser crash by stackoverflow (CVE-2022-40149)

* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)

* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)

* keycloak: reflected XSS attack (CVE-2022-4137)

* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
2031904 - CVE-2022-1438 keycloak: XSS on impersonation under specific circumstances
2066009 - CVE-2021-44906 minimist: prototype pollution
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2073157 - CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API
2097007 - CVE-2022-2237 Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections
2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
2140597 - CVE-2022-37603 loader-utils: Regular expression denial of service
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refresh tokens
2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability
2148496 - CVE-2022-4137 keycloak: reflected XSS attack
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution
2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new JSONObject(map) cause StackOverflowError which may lead to dos
2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method
2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service
2158585 - CVE-2023-0091 keycloak: Client Registration endpoint does not check token revocation
2160585 - CVE-2023-0264 keycloak: user impersonation via stolen uuid code

5. References:

https://access.redhat.com/security/cve/CVE-2018-14040
https://access.redhat.com/security/cve/CVE-2018-14042
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2021-35065
https://access.redhat.com/security/cve/CVE-2021-44906
https://access.redhat.com/security/cve/CVE-2022-1274
https://access.redhat.com/security/cve/CVE-2022-1438
https://access.redhat.com/security/cve/CVE-2022-1471
https://access.redhat.com/security/cve/CVE-2022-2237
https://access.redhat.com/security/cve/CVE-2022-2764
https://access.redhat.com/security/cve/CVE-2022-3782
https://access.redhat.com/security/cve/CVE-2022-3916
https://access.redhat.com/security/cve/CVE-2022-4137
https://access.redhat.com/security/cve/CVE-2022-24785
https://access.redhat.com/security/cve/CVE-2022-25857
https://access.redhat.com/security/cve/CVE-2022-31129
https://access.redhat.com/security/cve/CVE-2022-37603
https://access.redhat.com/security/cve/CVE-2022-38749
https://access.redhat.com/security/cve/CVE-2022-38750
https://access.redhat.com/security/cve/CVE-2022-38751
https://access.redhat.com/security/cve/CVE-2022-40149
https://access.redhat.com/security/cve/CVE-2022-40150
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/cve/CVE-2022-45047
https://access.redhat.com/security/cve/CVE-2022-45693
https://access.redhat.com/security/cve/CVE-2022-46175
https://access.redhat.com/security/cve/CVE-2022-46363
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/cve/CVE-2023-0091
https://access.redhat.com/security/cve/CVE-2023-0264
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.12.4 security update
Advisory ID:       RHSA-2023:0770-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0770
Issue date:        2023-02-20
CVE Names:         CVE-2021-4238 CVE-2022-47629
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes/ocp-4-12-release-notes

4. Bugs fixed (https://bugzilla.redhat.com/):

2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

5. References:

https://access.redhat.com/security/cve/CVE-2021-4238
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2022:9067-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9067
Issue date:        2022-12-15
CVE Names:         CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880
                   CVE-2022-46881 CVE-2022-46882
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.6.0 ESR.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
firefox-102.6.0-1.el8_7.src.rpm

aarch64:
firefox-102.6.0-1.el8_7.aarch64.rpm
firefox-debuginfo-102.6.0-1.el8_7.aarch64.rpm
firefox-debugsource-102.6.0-1.el8_7.aarch64.rpm

ppc64le:
firefox-102.6.0-1.el8_7.ppc64le.rpm
firefox-debuginfo-102.6.0-1.el8_7.ppc64le.rpm
firefox-debugsource-102.6.0-1.el8_7.ppc64le.rpm

s390x:
firefox-102.6.0-1.el8_7.s390x.rpm
firefox-debuginfo-102.6.0-1.el8_7.s390x.rpm
firefox-debugsource-102.6.0-1.el8_7.s390x.rpm

x86_64:
firefox-102.6.0-1.el8_7.x86_64.rpm
firefox-debuginfo-102.6.0-1.el8_7.x86_64.rpm
firefox-debugsource-102.6.0-1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-46872
https://access.redhat.com/security/cve/CVE-2022-46874
https://access.redhat.com/security/cve/CVE-2022-46878
https://access.redhat.com/security/cve/CVE-2022-46880
https://access.redhat.com/security/cve/CVE-2022-46881
https://access.redhat.com/security/cve/CVE-2022-46882
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
=====================================================================
Red Hat Security Advisory

Synopsis:          Important: grub2, mokutil, and shim security update
Advisory ID:       RHSA-2022:5098-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5098
Issue date:        2022-06-16
CVE Names:         CVE-2021-3695 CVE-2021-3696 CVE-2021-3697
                   CVE-2022-28733 CVE-2022-28734 CVE-2022-28735
                   CVE-2022-28736 CVE-2022-28737
=====================================================================

1. Summary:

An update for grub2, mokutil, and shim is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, noarch, ppc64le, x86_64

3. Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)

* grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695)

* grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696)

* grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697)

* grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)

* grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735)

* grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)

* shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1991685 - CVE-2021-3695 grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
1991686 - CVE-2021-3696 grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
1991687 - CVE-2021-3697 grub2: Crafted JPEG image can lead to buffer underflow write in the heap
2083339 - CVE-2022-28733 grub2: Integer underflow in grub_net_recv_ip4_packets
2090463 - CVE-2022-28734 grub2: Out-of-bound write when handling split HTTP headers
2090857 - CVE-2022-28735 grub2: shim_lock verifier allows non-kernel files to be loaded
2090899 - CVE-2022-28737 shim: Buffer overflow when loading crafted EFI images
2092613 - CVE-2022-28736 grub2: use-after-free in grub_cmd_chainloader()

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:
grub2-2.02-87.el8_1.10.src.rpm
mokutil-0.3.0-9.el8_1.1.src.rpm
shim-15.6-1.el8.src.rpm

aarch64:
grub2-debuginfo-2.02-87.el8_1.10.aarch64.rpm
grub2-debugsource-2.02-87.el8_1.10.aarch64.rpm
grub2-efi-aa64-2.02-87.el8_1.10.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-87.el8_1.10.aarch64.rpm
grub2-tools-2.02-87.el8_1.10.aarch64.rpm
grub2-tools-debuginfo-2.02-87.el8_1.10.aarch64.rpm
grub2-tools-extra-2.02-87.el8_1.10.aarch64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_1.10.aarch64.rpm
grub2-tools-minimal-2.02-87.el8_1.10.aarch64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_1.10.aarch64.rpm
mokutil-0.3.0-9.el8_1.1.aarch64.rpm
mokutil-debuginfo-0.3.0-9.el8_1.1.aarch64.rpm
mokutil-debugsource-0.3.0-9.el8_1.1.aarch64.rpm
shim-aa64-15.6-1.el8.aarch64.rpm

noarch:
grub2-common-2.02-87.el8_1.10.noarch.rpm
grub2-efi-aa64-modules-2.02-87.el8_1.10.noarch.rpm
grub2-efi-ia32-modules-2.02-87.el8_1.10.noarch.rpm
grub2-efi-x64-modules-2.02-87.el8_1.10.noarch.rpm
grub2-pc-modules-2.02-87.el8_1.10.noarch.rpm
grub2-ppc64le-modules-2.02-87.el8_1.10.noarch.rpm

ppc64le:
grub2-debuginfo-2.02-87.el8_1.10.ppc64le.rpm
grub2-debugsource-2.02-87.el8_1.10.ppc64le.rpm
grub2-ppc64le-2.02-87.el8_1.10.ppc64le.rpm
grub2-tools-2.02-87.el8_1.10.ppc64le.rpm
grub2-tools-debuginfo-2.02-87.el8_1.10.ppc64le.rpm
grub2-tools-extra-2.02-87.el8_1.10.ppc64le.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_1.10.ppc64le.rpm
grub2-tools-minimal-2.02-87.el8_1.10.ppc64le.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_1.10.ppc64le.rpm

x86_64:
grub2-debuginfo-2.02-87.el8_1.10.x86_64.rpm
grub2-debugsource-2.02-87.el8_1.10.x86_64.rpm
grub2-efi-ia32-2.02-87.el8_1.10.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-87.el8_1.10.x86_64.rpm
grub2-efi-x64-2.02-87.el8_1.10.x86_64.rpm
grub2-efi-x64-cdboot-2.02-87.el8_1.10.x86_64.rpm
grub2-pc-2.02-87.el8_1.10.x86_64.rpm
grub2-tools-2.02-87.el8_1.10.x86_64.rpm
grub2-tools-debuginfo-2.02-87.el8_1.10.x86_64.rpm
grub2-tools-efi-2.02-87.el8_1.10.x86_64.rpm
grub2-tools-efi-debuginfo-2.02-87.el8_1.10.x86_64.rpm
grub2-tools-extra-2.02-87.el8_1.10.x86_64.rpm
grub2-tools-extra-debuginfo-2.02-87.el8_1.10.x86_64.rpm
grub2-tools-minimal-2.02-87.el8_1.10.x86_64.rpm
grub2-tools-minimal-debuginfo-2.02-87.el8_1.10.x86_64.rpm
mokutil-0.3.0-9.el8_1.1.x86_64.rpm
mokutil-debuginfo-0.3.0-9.el8_1.1.x86_64.rpm
mokutil-debugsource-0.3.0-9.el8_1.1.x86_64.rpm
shim-ia32-15.6-1.el8.x86_64.rpm
shim-x64-15.6-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3695
https://access.redhat.com/security/cve/CVE-2021-3696
https://access.redhat.com/security/cve/CVE-2021-3697
https://access.redhat.com/security/cve/CVE-2022-28733
https://access.redhat.com/security/cve/CVE-2022-28734
https://access.redhat.com/security/cve/CVE-2022-28735
https://access.redhat.com/security/cve/CVE-2022-28736
https://access.redhat.com/security/cve/CVE-2022-28737
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
=====================================================================
Red Hat Security Advisory

Synopsis:          Important: cyrus-sasl security update
Advisory ID:       RHSA-2022:0658-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0658
Issue date:        2022-02-23
CVE Names:         CVE-2022-24407
=====================================================================

1. Summary:

An update for cyrus-sasl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols.

Security Fix(es):

* cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2055326 - CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:
cyrus-sasl-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-sql-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.aarch64.rpm

ppc64le:
cyrus-sasl-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-sql-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.ppc64le.rpm

s390x:
cyrus-sasl-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-sql-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.s390x.rpm

x86_64:
cyrus-sasl-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-sql-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-sql-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
cyrus-sasl-2.1.27-6.el8_5.src.rpm

aarch64:
cyrus-sasl-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-devel-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-gs2-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-gssapi-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-ldap-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-lib-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-md5-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-ntlm-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-plain-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-scram-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.aarch64.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.aarch64.rpm

ppc64le:
cyrus-sasl-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-devel-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-gs2-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-gssapi-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-ldap-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-lib-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-md5-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-ntlm-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-plain-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-scram-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.ppc64le.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.ppc64le.rpm

s390x:
cyrus-sasl-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-devel-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-gs2-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-gssapi-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-ldap-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-lib-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-md5-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-ntlm-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-plain-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-scram-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.s390x.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.s390x.rpm

x86_64:
cyrus-sasl-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-debugsource-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-devel-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-devel-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-devel-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-gs2-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-gs2-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-gs2-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-gssapi-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-gssapi-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-gssapi-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-ldap-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-ldap-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-ldap-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-lib-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-lib-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-lib-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-md5-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-md5-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-md5-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-ntlm-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-ntlm-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-ntlm-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-plain-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-plain-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-plain-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-scram-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-scram-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-scram-debuginfo-2.1.27-6.el8_5.x86_64.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.i686.rpm
cyrus-sasl-sql-debuginfo-2.1.27-6.el8_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
=====================================================================
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 16.2 (etcd) security update
Advisory ID:       RHSA-2022:0237-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0237
Issue date:        2022-01-24
CVE Names:         CVE-2021-29923 CVE-2021-34558 CVE-2021-44716
=====================================================================

1. Summary:

An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - ppc64le, x86_64

3. Description:

A highly-available key value store for shared configuration

Security Fix(es):

* net/http: limit growth of header canonicalization cache (CVE-2021-44716)

* net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)

* crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:
etcd-3.3.23-7.el8ost.src.rpm

ppc64le:
etcd-3.3.23-7.el8ost.ppc64le.rpm
etcd-debuginfo-3.3.23-7.el8ost.ppc64le.rpm
etcd-debugsource-3.3.23-7.el8ost.ppc64le.rpm

x86_64:
etcd-3.3.23-7.el8ost.x86_64.rpm
etcd-debuginfo-3.3.23-7.el8ost.x86_64.rpm
etcd-debugsource-3.3.23-7.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.